Overview
A buffer overflow vulnerability in iTunes could allow a remote attacker to execute arbitrary code.
Description
Apple iTunes is a digital media player available for the Microsoft Windows and Mac OS X operating systems. It supports a variety of playlist formats including .m3u and .pls. A playlist allows a user to organize the order in which media files are played. In addition to media files, URLs to digital streams can be included in a playlist. There is a buffer overflow vulnerability in the way iTunes parses URL entries in .m3u and .pls playlist files. If a remote attacker creates a specially crafted playlist containing an overly long URL, a buffer overflow will occur and could lead to arbitrary code execution.
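The following added example is not Apple's code or part of the original advisory. It sketches the defensive form of the parsing step described above: pulling the entry out of one .m3u or .pls line and copying it into a fixed buffer only after its length has been checked. The buffer size `URL_BUF_SIZE` and all function and enum names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define URL_BUF_SIZE 1024   /* assumed buffer size for this example */

enum playlist_fmt { FMT_M3U, FMT_PLS };
enum entry_status { ENTRY_OK = 0, ENTRY_NONE = 1, ENTRY_TOO_LONG = -1 };

/* Locate the entry value in one playlist line; NULL if the line has none. */
static const char *entry_value(enum playlist_fmt fmt, const char *line)
{
    while (*line == ' ' || *line == '\t')
        line++;
    if (*line == '\0' || *line == '\r' || *line == '\n')
        return NULL;
    if (fmt == FMT_M3U)                      /* "#EXTM3U", "#EXTINF:" are directives */
        return (*line == '#') ? NULL : line;
    /* .pls: only "FileN=<value>" lines carry a path or URL */
    if (strncmp(line, "File", 4) != 0 || !isdigit((unsigned char)line[4]))
        return NULL;
    const char *p = line + 4;
    while (isdigit((unsigned char)*p))
        p++;
    return (*p == '=') ? p + 1 : NULL;
}

/* Copy the entry into out[out_sz]. The length is checked before any byte is
 * written, and an oversized entry is rejected rather than truncated. */
int copy_playlist_entry(enum playlist_fmt fmt, const char *line,
                        char *out, size_t out_sz)
{
    if (out == NULL || out_sz == 0)
        return ENTRY_TOO_LONG;
    out[0] = '\0';
    const char *val = entry_value(fmt, line);
    if (val == NULL)
        return ENTRY_NONE;
    size_t len = strcspn(val, "\r\n");       /* value ends at the line break */
    if (len >= out_sz)                       /* no room for len bytes + NUL */
        return ENTRY_TOO_LONG;
    memcpy(out, val, len);
    out[len] = '\0';
    return ENTRY_OK;
}
```

A caller would treat `ENTRY_TOO_LONG` as a reason to refuse the whole playlist, since a silently truncated URL would point somewhere other than what the file specified.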
Impact
By convincing a user to load a specially crafted .m3u or .pls playlist file into iTunes, an attacker could execute arbitrary code with the privileges of the user.
Solution
Install Update
Acknowledgements
iDEFENSE credits Sean de Regge for reporting this vulnerability.
This document was written by Damon Morda.
Other Information
CVE IDs: CVE-2005-0043
Severity Metric: 30.38
Date Public: 2005-01-11
Date First Published: 2005-01-14
Date Last Updated: 2005-01-14 18:26 UTC
Document Revision: 12